Change comment:
Install extension [org.xwiki.platform:xwiki-platform-tag-ui/14.10.11]
Summary
Page properties (2 modified, 0 added, 0 removed)
Details
- Page properties
- Author
... ... @@ -1,1 +1,1 @@ 1 -XWiki. superadmin1 +xwiki:XWiki.Admin - Content
... ... @@ -13,6 +13,7 @@ 13 13 ## 14 14 #set ($do = "$!{request.get('do')}") 15 15 #set ($tag = "$!{request.get('tag')}") 16 +#set ($wikiEscapedTag = $services.rendering.escape($tag, 'xwiki/2.1')) 16 16 #set ($urlEscapedTag = $escapetool.url($tag)) 17 17 #set ($htmlEscapedTag = $escapetool.xml($tag)) 18 18 ## ... ... @@ -20,7 +20,7 @@ 20 20 ## 21 21 #macro (displayTagAppTitle $urlEscapedTag $htmlEscapedTag $displayButtons) 22 22 (% class="xapp" %) 23 - = (% class="highlight tag" %)${ tag}##24 + = (% class="highlight tag" %)${wikiEscapedTag}## 24 24 #if ($xwiki.hasAdminRights() && $displayButtons) ## 25 25 [[$services.localization.render('xe.tag.rename.link')>>||queryString="do=prepareRename&tag=${urlEscapedTag}" class="button rename" rel="nofollow"]] [[$services.localization.render('xe.tag.delete.link')>>||queryString="do=prepareDelete&tag=${urlEscapedTag}" class="button delete" rel="nofollow"]]## 26 26 #end ... ... @@ -36,7 +36,7 @@ 36 36 ## 37 37 #displayTagAppTitle($urlEscapedTag $htmlEscapedTag true) 38 38 #if ("$!{request.get('renamedTag')}" != '') 39 - {{info}}$services.localization.render('xe.tag.rename.success', ["//${request.get('renamedTag')}//"]){{/info}} 40 + {{info}}$services.localization.render('xe.tag.rename.success', ["//${services.rendering.escape(${request.get('renamedTag')}, 'xwiki/2.1')}//"]){{/info}} 40 40 41 41 #end 42 42 #set ($list = $xwiki.tag.getDocumentsWithTag($tag)) ... ... @@ -43,7 +43,7 @@ 43 43 {{container layoutStyle="columns"}} 44 44 ((( 45 45 (% class="xapp" %) 46 - === $services.localization.render('xe.tag.alldocs', ["//${ tag}//"]) ===47 + === $services.localization.render('xe.tag.alldocs', ["//${wikiEscapedTag}//"]) === 47 47 48 48 #if ($list.size()> 0) 49 49 {{html}}#displayDocumentList($list false $blacklistedSpaces){{/html}} ... ... 
@@ -53,8 +53,8 @@ 53 53 ))) 54 54 ((( 55 55 (% class="xapp" %) 56 - === $services.localization.render('xe.tag.activity', ["//${ tag}//"]) ===57 - {{notifications useUserPreferences="false" displayOwnEvents="true" tags="$ tag" displayRSSLink="true" /}}57 + === $services.localization.render('xe.tag.activity', ["//${wikiEscapedTag}//"]) === 58 + {{notifications useUserPreferences="false" displayOwnEvents="true" tags="$wikiEscapedTag" displayRSSLink="true" /}} 58 58 ))) 59 59 {{/container}} 60 60 #elseif ($do == 'prepareRename') ... ... 
@@ -73,19 +73,23 @@ 73 73 </form> 74 74 {{/html}} 75 75 #elseif ($do == 'renameTag') 76 - ## 77 - ## Rename tag 78 - ## 79 - #set ($renameTo = "$!{request.get('renameTo')}") 80 - #set ($success = false) 81 - #if ($renameTo != '') 82 - #set ($success = $xwiki.tag.renameTag($tag, $renameTo)) 83 - #end 84 - #if ($success == true || $success == 'OK') 85 - #set ($urlEscapedRenameTo = $escapetool.url($renameTo)) 86 - $response.sendRedirect($doc.getURL('view', "do=viewTag&tag=${urlEscapedRenameTo}&renamedTag=${urlEscapedTag}")) 77 + #if (!$services.csrf.isTokenValid($request.get('form_token'))) 78 + #set ($discard = $response.sendError(401, "Wrong CSRF token")) 87 87 #else 88 - {{error}}$services.localization.render('xe.tag.rename.failure', ["//${tag}//", "//${renameTo}//"]){{/error}} 80 + ## 81 + ## Rename tag 82 + ## 83 + #set ($renameTo = "$!{request.get('renameTo')}") 84 + #set ($success = false) 85 + #if ($renameTo != '') 86 + #set ($success = $xwiki.tag.renameTag($tag, $renameTo)) 87 + #end 88 + #if ($success == true || $success == 'OK') 89 + #set ($urlEscapedRenameTo = $escapetool.url($renameTo)) 90 + $response.sendRedirect($doc.getURL('view', "do=viewTag&tag=${urlEscapedRenameTo}&renamedTag=${urlEscapedTag}")) 91 + #else 92 + {{error}}$services.localization.render('xe.tag.rename.failure', ["//${wikiEscapedTag}//", "//${services.rendering.escape($renameTo, 'xwiki/2.1')}//"]){{/error}} 93 + #end 89 89 #end 90 90 #elseif ($do == 'prepareDelete') 91 91 ## ... ... 
@@ -103,14 +103,18 @@ 103 103 </form> 104 104 {{/html}} 105 105 #elseif ($do == 'deleteTag') 106 - ## 107 - ## Delete tag 108 - ## 109 - #set ($success = $xwiki.tag.deleteTag($tag)) 110 - #if ($success == true || $success == 'OK') 111 - $response.sendRedirect($doc.getURL('view', "deletedTag=${urlEscapedTag}")) 111 + #if (!$services.csrf.isTokenValid($request.get('form_token'))) 112 + #set ($discard = $response.sendError(401, "Wrong CSRF token")) 112 112 #else 113 - {{error}}$services.localization.render('xe.tag.delete.failure', ["//${tag}//"]){{/error}} 114 + ## 115 + ## Delete tag 116 + ## 117 + #set ($success = $xwiki.tag.deleteTag($tag)) 118 + #if ($success == true || $success == 'OK') 119 + $response.sendRedirect($doc.getURL('view', "deletedTag=${urlEscapedTag}")) 120 + #else 121 + {{error}}$services.localization.render('xe.tag.delete.failure', ["//${wikiEscapedTag}//"]){{/error}} 122 + #end 114 114 #end 115 115 #else 116 116 ## ... ... @@ -118,7 +118,7 @@ 118 118 ## 119 119 #set ($title = 'All Tags') 120 120 #if ("$!{request.get('deletedTag')}" != '') 121 - {{info}}$services.localization.render('xe.tag.delete.success', ["//${request.get('deletedTag')}//"]){{/info}} 130 + {{info}}$services.localization.render('xe.tag.delete.success', ["//${services.rendering.escape($request.get('deletedTag'), 'xwiki/2.1')}//"]){{/info}} 122 122 123 123 #end 124 124 {{tagcloud/}}
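Review bot: In the `renameTag` and `deleteTag` branches the new CSRF guard answers a bad `form_token` with `sendError(401, ...)`, which signals a missing login even though the session is valid; a refused request from an authenticated user is normally a 403, e.g. `#set ($discard = $response.sendError(403, "Wrong CSRF token"))`. The forms that submit these two actions lie outside the hunks shown (only their closing `</form>` is visible as context), so it cannot be confirmed from here that they send a `form_token` field; if they do not, every rename and delete is now rejected. In the visible code only the rename/delete buttons are gated by `$xwiki.hasAdminRights()`, so the action branches appear to rely on `$xwiki.tag.renameTag` and `$xwiki.tag.deleteTag` to enforce rights themselves, which is worth confirming and stating in a `##` comment above each call. As a style point, `displayTagAppTitle` now reads the global `$wikiEscapedTag` rather than taking it as a macro parameter like `$urlEscapedTag` and `$htmlEscapedTag`, and the `renamedTag` escape call nests `${request.get('renamedTag')}` where the `deletedTag` one uses plain `$request.get('deletedTag')`; making the two consistent would make the escaping easier to audit.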